Published by Marian Fleming. Modified over 6 years ago.
IT Development Initiative: Status and Next Steps
Tom Jackson
Vice Chancellor of Information Technology Services and Chief Information Officer
May 1, 2018
Campus Presentation

Agenda
  Status
  Operating Standards
  Information Resources Inventory
  Data Stewardship and Classification
  Information Security Program
  Training
  Timeline
IT Development Initiative Status

IT Development Initiative
  ISO Standard
    Policies, Operating Standards and Baseline Procedures
  Information Security Management
    Several projects related to IT security
  Compliance
    Information Security Assessments
  Organization
    Filling IT leadership positions and consolidation of technology and staff

ISO Standard Status
  Governance
    Information Security Advisory Committee formed
    Information Security Incident Response Team formed
  Policies
    Information Security Policy approved and effective April 30th, 2018
    Acceptable Use, Data Stewardship and policies under development
  Operating Standards
    Seven (7) standards under development
    Includes Windows Server, Windows Desktop, Linux Server, Macintosh Desktop

Information Security Management Status
  Initial Projects
    Fourteen (14) projects underway
  Vulnerability Scanning
    Third scan underway
    Reviewing results to identify remediation projects
  Remediation Projects
    First remediation project underway
    Projects will be identified and executed throughout the summer

Compliance
  Information Security Assessments
    Performed annually on each unit that manages technology
    Information Technology Services assessment will occur first, in Summer 2018
    Other divisions and colleges will be assessed Summer and Fall 2018
    Assessments will flow into Information Security Program
  Information Technology Risk Assessment
    Will occur late Fall 2018

Organization Status
  Search Firm
    Deputy CIO
    Associate VC Data Governance
    Director, Enterprise Applications
  Interviews
    Director, Network and Systems
  Filled
    Director, Client Technology
    Director, IT Project Management and Business Operations
    Interim Director, Network and Systems

Operating Standards
  Expansions of the Information Security Policy
    More technical details
    Prescriptive
    Auditable
    Reduce risk
  Exemptions
    Must include justification
    Approved by division or college leadership
    Approved by ITS
    Require alternative controls

Operating Standards: Partial List
  Windows Server
  Windows Desktop/Laptop
  Linux Server
  Macintosh Desktop/Laptop
  Authentication
  Access Control
  Application Administration
  Incident Response
  Mobile Device Management
  Network Device Configuration
  Perimeter Security
  Software Development

Operating Standards
  Rolled out during Summer 2018
  May lead to remediation projects
  Projects must be completed by Fall 2018

Information Resources Inventory
  Resources
    Data
    Hardware
    Software
  Inventory
    Must be maintained by division, college or department
    ITS has collected some data on hardware
    More details forthcoming
    Must be completed during the summer

Data Stewardship and Classification
  Additional policy
    To be completed during Summer 2018
    Defines roles and responsibilities
      Data trustee
      Data steward
      Data custodian
      Data user
  Additional information forthcoming

Data Trustees
  Oversee data management and security
  Oversee policy
  Oversee compliance

Data Stewards
  Ensure compliance with regulations, policies and agreements
  Ensure data governance and management practices are followed
  Ensure proper access and security controls are implemented
  Ensure segregation of duties is implemented
  Ensure adequate data protection measures are implemented
  Ensure data is classified and inventoried

Data Custodians
  Grant access based on authority delegated from steward
  Manage operations and security
    Servers
    Applications

Information Security Program
  Continuous Improvement Cycle
    Manage risk
    Manage and secure data
    Manage and secure technology
      Hardware
      Software
  Cycle diagram: Plan, Do, Check, Act

Information Security Program
  Led by
    Information Security Advisory Committee
    Information Security Services
  Includes annual information security assessments
    Each office that manages information resources
    Compliance with policy, standards and procedures
    Identifies risks and vulnerabilities
    Outcomes are prioritized to be addressed

Training
  Mandatory
  General training for all employees
  Specialized training
    System Administration
    Application Administration
    Data Stewardship
  Begins in Fall 2018

Timeline
  May
    Initial operating standards review
    Vulnerability scanning review
  June
    Initial operating standards rollout to campus
    Additional operating standards development begins
    Remediation project planning
      Address operating standard compliance
      Address vulnerabilities
    Remediation projects begin
    Inventory begins

Timeline
  July
    Remediation projects continue
    ITS information security assessment
    Additional division or college information security assessments
  August
    Remediation projects continue
    Additional policies approved
  September
    Remediation projects continue

Questions?